
Mitigating ITScape (CVE-2026-46316) on Rocky Linux 9 and 10 (arm64)


Arsalan Zaidi
Customer Support Engineering Lead

Jun 11, 2026

Introduction

ITScape, tracked as CVE-2026-46316, is a use-after-free vulnerability in the Linux kernel's KVM implementation for arm64. The flaw is in the virtual GIC Interrupt Translation Service (vgic-its). During concurrent interrupt translation cache invalidation, the kernel can drop the cache's reference to a translation entry more than once (a double-put), leaving a freed entry referenced and reachable. A guest with access to an emulated GICv3 ITS can race these operations and use the resulting use-after-free to corrupt host kernel memory and escalate from the guest to the host.

This issue affects only arm64 (aarch64) systems that run KVM guests. x86_64 systems are not affected, and arm64 systems that are not acting as KVM hosts are not exposed through this path. Rocky Linux 8 is not affected: the vulnerable vgic-its code is not present in the Rocky 8 kernel.

This article covers Rocky Linux 9 and 10 on arm64, including the CIQ RLC Pro, RLC Pro LTS, and CIQ Linux Kernel (CLK) variants built on those releases. It explains what is affected, the current patch status, and what you can do to reduce exposure until a patched kernel is available.

Problem

The vulnerable code is reached from inside a guest, so the relevant attack surface is an arm64 host running one or more KVM virtual machines whose virtual interrupt controller is configured with a GICv3 ITS. A guest that can trigger concurrent ITS cache invalidations can drive the use-after-free in vgic_its_invalidate_cache() and corrupt host kernel memory.

Treat the following as affected unless they are running a patched kernel (none is available yet, see Status):

  • Rocky Linux 9 and 10 on arm64 (aarch64) acting as a KVM host
  • RLC Pro LTS 9.6, RLC Pro 9 (el9_8), and RLC Pro 10 (el10_2) on arm64, acting as KVM hosts
  • CIQ Linux Kernel (CLK) 6.12 and 6.18 on arm64, acting as KVM hosts

Systems that are not exposed through this path:

  • All x86_64 systems, regardless of role
  • Rocky Linux 8 (the vulnerable vgic-its code is not present in the Rocky 8 kernel)
  • RLC Pro LTS 9.2 and 9.4 (not impacted)
  • arm64 systems that do not run KVM guests
  • arm64 KVM hosts whose guests do not use an emulated GICv3 ITS

CVE-2026-46316 is the guest-to-host escape: an untrusted guest can leverage the use-after-free to corrupt host kernel memory and execute code at the host privilege level. The same fix also resolves a related issue, CVE-2026-46317, a use-after-free with a denial-of-service impact, along with a further closely related use-after-free issue that is in the process of being assigned a CVE. All are addressed together in the patched RLC Pro LTS 9.6, RLC Pro 9, and RLC Pro 10 kernels. The correct fix is a patched kernel. Until that ships, the practical exposure is governed by how much you trust the guests running on the affected host.

Status

  • No patched kernel is available yet, as of 2026-06-11. CIQ is tracking the fix for the affected Rocky Linux 9 and 10 arm64 variants and the CLK kernels. This article will be updated with exact patched kernel versions and a Patched Kernels table once builds are released.
  • There is no module-block or sysctl mitigation for this flaw. The vulnerable code is the in-kernel emulated ITS, which is part of KVM's arm64 vGIC and cannot be unloaded or disabled with a drop-in config the way a loadable network module can. The realistic interim control is trust boundary management on the affected hosts (see Mitigation).
  • x86_64 is not affected. If your arm64 footprint is limited or you do not run KVM on arm64, your exposure to this specific CVE is correspondingly limited.
  • Open a support case if you need help confirming whether a given arm64 host is exposed, or if you want to be notified when the patched kernel for your variant is released.

Patched Kernels

No patched kernels are available yet. CIQ will populate the table below once builds are released for the affected Rocky Linux 9 and 10 arm64 variants.

Variant | Patched Kernel Version | Released
RLC Pro LTS 9.6 (arm64) | pending | pending
RLC Pro 9 (arm64) | pending | pending
RLC Pro 10 (arm64) | pending | pending
CIQ Linux Kernel 6.12 (arm64) | pending | pending
CIQ Linux Kernel 6.18 (arm64) | pending | pending

Confirm what is running on a given system with:

uname -r
uname -m

uname -m should report aarch64 for an affected system. On x86_64 this CVE does not apply.

Mitigation

There is no drop-in software mitigation for CVE-2026-46316. The exploitable code is the emulated ITS inside the KVM arm64 vGIC, reached from a guest. Until a patched kernel is installed, reduce exposure by managing what runs on the affected hosts.

Limit affected hosts to trusted guests

The flaw requires a malicious or compromised guest to drive the race from inside a VM. On arm64 KVM hosts that cannot yet be patched, restrict the host to guests and tenants you trust. Multi-tenant arm64 virtualization, where untrusted parties control guest workloads, is the highest-risk configuration and should be prioritized for patching.

Identify whether a host is exposed

Confirm the architecture, whether KVM is in use, and whether guests are running:

uname -m                      # aarch64 = potentially affected
ls -l /dev/kvm                # KVM available (built into arm64 kernels, so lsmod lists no kvm module)
sudo virsh list --all         # guests defined/running

A host that reports aarch64, has KVM loaded, and runs guests with an emulated GICv3 ITS is in scope. A host that reports x86_64, or that runs no KVM guests, is not exposed through this path.
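
The scope check above as a script, added here as an example and not CIQ tooling. Function names and verdict strings are hypothetical; it assumes guests are managed by libvirt and treats a guest whose domain XML declares GIC version 3 as possibly having an emulated ITS.

```shell
#!/bin/sh
# Added example: scope triage for CVE-2026-46316 using the article's criteria.
# Function names and verdict strings are hypothetical.

# Succeeds if the libvirt domain XML on stdin declares a version 3 GIC.
# Assumption: a GICv3 guest is counted as possibly having an emulated ITS.
xml_has_gicv3() {
    grep -Eq "<gic[^>]*version=[\"']3[\"']"
}

# Verdict from: architecture, /dev/kvm present (yes/no), GICv3 guest count.
itscape_verdict() {
    if [ "$1" != "aarch64" ]; then
        echo "not-exposed: architecture is $1"
    elif [ "$2" != "yes" ]; then
        echo "not-exposed: KVM is not available on this host"
    elif [ "$3" -eq 0 ]; then
        echo "review: arm64 KVM host, no GICv3 guest found via libvirt"
    else
        echo "in-scope: arm64 KVM host with $3 GICv3 guest(s)"
    fi
}

# Collect the facts on the running host (run as root so virsh sees system
# guests). /dev/kvm exists whenever KVM is usable, built in or modular.
# Guests started outside libvirt are not counted.
itscape_check_host() {
    kvm=no
    [ -e /dev/kvm ] && kvm=yes
    count=0
    if command -v virsh >/dev/null 2>&1; then
        count=$(virsh list --all --name 2>/dev/null | while IFS= read -r dom; do
            [ -n "$dom" ] || continue
            virsh dumpxml "$dom" </dev/null 2>/dev/null | xml_has_gicv3 && echo x
        done | wc -l)
    fi
    itscape_verdict "$(uname -m)" "$kvm" "$((count))"
}

if [ "${1:-}" = "--live" ]; then
    itscape_check_host          # inspect this host
else
    # Constructed sample: one GICv3 guest definition on an arm64 KVM host.
    printf '%s\n' "<features><gic version='3'/></features>" | xml_has_gicv3 &&
        itscape_verdict aarch64 yes 1
fi
```

Run it with --live as root on the host. A review verdict means no libvirt guest declared GICv3 explicitly, not that the host is cleared.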

Verification

Once a patched kernel is published and installed, confirm the running kernel matches (or is newer than) the patched version listed in the Patched Kernels table:

uname -r

There is no separate mitigation state to verify for this CVE, since no module-block or sysctl workaround applies. The patched kernel is the resolution.

Resolution

When CIQ publishes the patched kernel for your variant, install it and reboot:

sudo dnf update 'kernel*'     # quoted so the shell passes the glob to dnf unexpanded
sudo reboot

For RLC Pro LTS variants the patched kernel comes from the long-term support repository with no additional configuration. For RLC Pro 9, refresh DNF metadata and confirm the core channel is enabled before updating. After reboot, confirm with uname -r that the running kernel matches the published patched version.

Notes

  • This is a KVM/arm64 virtualization flaw, not a general local privilege escalation reachable on every system. The exposure is specific to arm64 hosts running KVM guests.
  • It is unrelated to the Dirty Frag and Fragnesia page-cache corruption vulnerabilities, which reach the kernel through the IPsec/ESP path. The mitigations for those CVEs do not apply here, and the mitigations here (trust boundary management) do not substitute for the kernel patch.
  • A public proof-of-concept exists. Treat untrusted multi-tenant arm64 KVM hosts as the priority for patching once a fixed kernel is available.
